[Openswan Users] weird cert reject but can connect? anyone?
Nate Carlson
natecars at natecarlson.com
Wed Jun 30 22:02:44 CEST 2004
On Wed, 30 Jun 2004, hallian hallian wrote:
> I see this weird message...... about Issuer cert CA not found and reject
> your x509 cert but still I'm able to connect and ping/map dirve
> etc...... This is very peculiar........ and wondering... why is this
> happening... anyone seen this before?
Looks like you are specifying both a leftcert and a rightcert - from my
experience, if the cert on disk matches the cert that the remote end is
sending, it'll accept it, even if there isn't a matching CA available. The
message should probably be clarified a bit.
IE, normally it'd be rejected because it's not signed by a known CA, but
since you've got a copy of the cert on disk and it matches what's
specified with Xcert=, the cert is allowed.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Users
mailing list